Package: awstats
Version: 6.5-1
Severity: important
Tags: security
Source: http://www.osreviews.net/reviews/comm/awstats
| If the update of the stats via web front-end is allowed, a remote
| attacker can execute arbitrary code on the server using a specially
| crafted request involving the migrat
This is CVE-2006-2237. Please mention it in the changelog
--
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
> Source: http://www.osreviews.net/reviews/comm/awstats
>
> | If the update of the stats via web front-end is allowed, a remote
> | attacker can execute arbitrary code on the server using a specially
> | crafted request involving the migrate parameter. Input starting with
> | a pipe character ("|"
On Tue, 9 May 2006 21:19:29 +0200 Stefan Fritsch wrote:
> This is CVE-2006-2237. Please mention it in the changelog
Will do. Appreciate the reminder :-)
- Jonas
--
* Jonas Smedegaard - idealist og Internet-arkitekt
* Tlf.: +45 40843136 Website: http://dr.jones.dk/
- Enden er nær: http://w
4 matches
Mail list logo
